Microsoft Windows JScript defineProperty Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows JScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

CVE-2018-9856

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

CVE-2018-1282

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation...

Ubuntu: Security Advisory (USN-3620-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard...

USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch...

Critical: python-paramiko

Issue Overview: Authentication bypass in transport.py transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authenticatio...

Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0861 It was discovered that a...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3620-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3620-1 advisory. It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A...

USN-3620-1: Linux kernel vulnerabilities

It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAPNETADMIN privilege could use this to cause a denial of service system crash or possibly execute arbitrary code...

USN-3619-1: Linux kernel vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16995 It was discovered that a...

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0861 It was discovered that a...

Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support

Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update. The microcode update shows that its older products – including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR,...

CVE-2017-3969

Abuse of communication channels vulnerability in the server in McAfee Network Security Management NSM before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL...

CVE-2017-3969 SB10192 - Network Security Management (NSM) - Abuse of communication channels vulnerability

Abuse of communication channels vulnerability in the server in McAfee Network Security Management NSM before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL...

USN-3614-1: OpenJDK 7 vulnerabilities

It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. CVE-2018-2579 It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could...

USN-3614-1 openjdk-7 vulnerabilities

It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. CVE-2018-2579 It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could...

ownCloud 'OpenID' Access Control Bypass Vulnerability - Windows

ownCloud is prone to an access control bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...

Fedora 27 : acpica-tools (2018-7c2e0a998d)

Security fix for CVE-2017-13693, CVE-2017-13694, CVE-2017-13695. This provides fixes for the user space ACPICA tools only. Any kernel updates are handled separately. This update also includes the upgrade to the 20190209 version of the upstream source. ---------------------------------------- 09...

[SECURITY] Fedora 28 Update: mozjs52-52.7.2-1.fc28

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript...